How to allow iFrames

Problem

<iframe> elements are removed from self-service articles and other user generated content.

Cause

This is a security feature to prevent cross-site scripting (XSS) attacks.

Resolution

By default we whitelist a number of domains that are permitted to use iframe. Follow the below steps to add your domain to the whitelist:

1. Create or edit the following file: config/production/purifier.php
2. Add your domain to the value of URI.SafeIframeRegexp - replace your-domain-here below (do not include http://)

   <?php
   
   return array(
       "settings" => array(
           "default" => array(
               "URI.SafeIframeRegexp" => "%^(http://|https://|//)(www.youtube.com/embed/|player.vimeo.com/video/|your-domain-here)%",
           ),
       ),
   );